Messages

[BUT: If I activate IPS, there are no more alerts, drops, etc.]

Hi!

I am trying to setup an in-line-IPS with OPNsense 20.1.

--> OPNSense installed
--> Two Interfaces bridged
--> All offloading disabled
--> IDS activated and configured.


IDS ist working fine and logging alerts.

BUT: If I activate IPS, there are no more alerts, drops, etc.

Do you have any idea, what I could have made wrong?

Thank you for your help
Stril

Hi!

I really, really appreciate your effort to find a solution, but having an emergency-config on a stick is not a solution in real life, if you have to work with 10s of sites or 100s of sites.

The "emergency" stick becomes more and more outdated until it does not help in case of emergency.
What if the PPPoE-Credentials change? My Team would have to change the config, ask the staff to insert the thumd-drive, copy the config, ask the staff....

It would just be great to be able to have a last "approved" config.

Stril

Hi Franco,

thank you for your answer.
Your experiences are good, but hard to use in my szenario. The systems are located in shops without any IT-stuff. It's not a problem to power-cycle a device, but it's hard to give a person without any techincal skills the advice on how to revert a config by console.
If access via SSH is possible, I do not see a problem, but if I am totally locked out, I need a "plan B".

It would be great to have a safe mode where config is reverted on reboot.

Regards,

The update was NOT successful. It stopped with:


Fetching packages-17.1-OpenSSL-amd64.tar: .mkdir: /var/cache/opnsense-update: Too many levels of symbolic links

Do you have any idea, why that happens?

Regards,

Hi!

I think, I did it.

I had to delete and recreate the symlinks to /root/var/db/pkg, etc.
After that: pkg update -f
pkg install -yf opnsense pkg

Now, the upgrade was possible...

Hi!

Its a CF-Card:


Filesystem            Size    Used   Avail Capacity  Mounted on
/dev/ufs/OPNsense0    1.8G    996M    679M    59%    /
devfs                 1.0K    1.0K      0B   100%    /dev
tmpfs                 3.1G    100K    3.1G     0%    /tmp
tmpfs                 3.2G     87M    3.1G     3%    /var
devfs                 1.0K    1.0K      0B   100%    /var/dhcpd/dev

Hi!

This was a preinstalled system, sold by varia-store on a AMD GX-412TC SOC (4 cores)

Is there any possibility to reinstall via web-interface or cli?

Regards

Hi!

pkg info does not show anything.

How can i update to 16.7.14_2?
The GUI shows:

Versions   OPNsense 16.7-amd64
FreeBSD 10.3-RELEASE-p5
OpenSSL 1.0.2h 3 May 2016
Updates   
Your system is up to date.
Click to check for updates
CPU Type   AMD GX-412TC SOC (4 cores)


The update via CLI does not start, too...

Regards,
Stril

Hi!

Isn't HA the same problem? A fatal config-change would corrupt the config on both systems.

Another option would be to force a rollback on pressing the reset-button

What do you do in those situations? I think the "cisco-concept" with two configs is a very good thing...


Regards,
Stril

Hi!

I am running many remote sites and thinking about replacing the systems there with OPNsense systems, but there is one thing, I could not solve:

At the moment, the running systems are working like Cisco devices:
- Config changes are commited to "running-config"
- "running-config" must be copied to "startup-config"
- If "running-config" is not saved, a power-cycle reverts to "startup-config"


If i do something stupid on a system that leads to a big problem (e.g. VPN goes down), someone at the remote-location without any IT-knowledge can power-cycle the device.

Is there any mechanism to allow a config-revert WITHOUT console?

It would be great to save to an "approved" config, that will be loaded on boot.

Thank you and best wishes
Stril

Hi!

I am trying to update my ALIX-system to OPNsense 17.1
As written in the release notes, I am trying to update through SSH, but after pressing "12" on the console, the system jumps back to the menu:

Code Select Expand


0) Logout                             7) Ping host
1) Assign Interfaces                  8) Shell
2) Set interface(s) IP address        9) pfTop
3) Reset the root password           10) Filter Logs
4) Reset to factory defaults         11) Restart web interface
5) Power off system                  12) Upgrade from console
6) Reboot system                     13) Restore a configuration

Enter an option: 12

This will automatically fetch all available updates, apply them,
and reboot if necessary.  Proceed with this action? [y/N]: y

Restarting webConfigurator...done.

*** OPNsense.localdomain: OPNsense 16.7 (amd64/OpenSSL) ***

WAN (igb1)      -> v4: 10.0.0.12/24
LAN (igb0)      -> v4: 10.49.0.12/24
OPT1 (igb2)     ->

0) Logout                             7) Ping host
1) Assign Interfaces                  8) Shell
2) Set interface(s) IP address        9) pfTop
3) Reset the root password           10) Filter Logs
4) Reset to factory defaults         11) Restart web interface
5) Power off system                  12) Upgrade from console
6) Reboot system                     13) Restore a configuration


Is there anything, I forgot?

Thank you and best wishes,
Stril